svn rev #23747: branches/krb5-1-8/src/kdc/
tlyu@MIT.EDU
tlyu at MIT.EDU
Mon Feb 22 19:25:55 EST 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=23747
Commit By: tlyu
Log Message:
ticket: 6659
version_fixed: 1.8
status: resolved
pull up r23735 from trunk
------------------------------------------------------------------------
r23735 | ghudson | 2010-02-18 13:49:11 -0500 (Thu, 18 Feb 2010) | 8 lines
ticket: 6659
target_version: 1.8
tags: pullup
The TGS code was not freeing authdata. This is an old leak which was
made more evident in 1.8 by the addition of ad-signedpath authdata
appearing in most tickets issued through the TGS path.
Changed Files:
U branches/krb5-1-8/src/kdc/do_tgs_req.c
Modified: branches/krb5-1-8/src/kdc/do_tgs_req.c
===================================================================
--- branches/krb5-1-8/src/kdc/do_tgs_req.c 2010-02-23 00:25:51 UTC (rev 23746)
+++ branches/krb5-1-8/src/kdc/do_tgs_req.c 2010-02-23 00:25:54 UTC (rev 23747)
@@ -136,6 +136,7 @@
reply.padata = 0; /* For cleanup handler */
reply_encpart.enc_padata = 0;
+ enc_tkt_reply.authorization_data = NULL;
e_data.data = NULL;
session_key.contents = NULL;
@@ -726,8 +727,6 @@
}
}
- enc_tkt_reply.authorization_data = NULL;
-
if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) &&
!isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM))
enc_tkt_reply.client = s4u_x509_user->user_id.user;
@@ -1045,6 +1044,8 @@
krb5_free_pa_data(kdc_context, reply.padata);
if (reply_encpart.enc_padata)
krb5_free_pa_data(kdc_context, reply_encpart.enc_padata);
+ if (enc_tkt_reply.authorization_data != NULL)
+ krb5_free_authdata(kdc_context, enc_tkt_reply.authorization_data);
krb5_free_data_contents(kdc_context, &e_data);
return retval;
More information about the cvs-krb5
mailing list